Sebastien Larinier
9c03f6ab9d
add software for cmd line and change type
2024-03-07 10:10:36 +00:00
Alexandre Dulaunoy
c72ec74070
fix: [cs-beacon-config] Partial info from CS beacon are possible
...
Fix #417 - Thanks to @sebdraven
2024-03-06 07:24:37 +01:00
Christos Arvanitis
a367c43eb9
Disable correlation for IntelMQ time fields
2024-03-05 11:22:17 +01:00
Alexandre Dulaunoy
173af552aa
chg: [person/organization] `impersonated` added to the role of person
...
and organization templates
Thanks to NRC Cyber Security for the idea.
2024-03-05 08:59:45 +01:00
Christian Studer
3ac509965f
add: [process] Environment variables attribute
2024-01-30 15:19:54 +01:00
Christian Studer
7c565093df
chg: [artifact] Changed the `payload_bin` attribute to attachment type
2024-01-19 23:15:41 +01:00
David Cruciani
401c34f6f3
chg: [flowintel-task] add case-uuid
2024-01-15 09:11:00 +01:00
David Cruciani
248e7a95dc
chg: [validation] jq all
2024-01-10 12:07:32 +01:00
David Cruciani
55917fe94c
chg: [version] v2
2024-01-10 11:52:10 +01:00
David Cruciani
b407a9d046
chg: [url] to_ids
2024-01-10 11:49:54 +01:00
David Cruciani
156fa7a07e
chg: [flowintel] typo + uuid+origin-url
2023-12-14 16:14:44 +01:00
David Cruciani
b657128758
new: [object] flowintel-cm
2023-12-14 15:58:46 +01:00
Alexandre Dulaunoy
587b298e1e
chg: [shadowserver-malware-url-report] resource path added to improve
...
correlation aspects
2023-12-08 15:18:32 +01:00
Alexandre Dulaunoy
fcd2cf2445
chg: [cs-beacon-config] updated to add details requested by ShadowServer
2023-12-07 10:54:40 +01:00
Alexandre Dulaunoy
7f77dbe685
chg: [shadowserver-malware-url-report] sane default added for severity
...
Ref: https://github.com/The-Shadowserver-Foundation/report_schema/blob/main/severity.md
2023-12-07 08:50:15 +01:00
Alexandre Dulaunoy
f02af50725
chg: [shadowserver-malware-url-report] sane_default added
2023-12-06 09:50:54 +01:00
Alexandre Dulaunoy
23e41b2262
chg: [shadowserver-malware-url-report] severity added
2023-12-06 09:46:08 +01:00
Alexandre Dulaunoy
047d442311
fix: [report] typo fixed
2023-12-06 09:32:13 +01:00
Alexandre Dulaunoy
08db16c162
chg: [report] `title` field added to the report object template
2023-12-06 09:05:16 +01:00
Alexandre Dulaunoy
c536f2f318
fix: [shadowserver-malware-url-report] `port` field added
2023-12-06 08:45:51 +01:00
Alexandre Dulaunoy
a240e70334
fix: [victim] object updated
2023-12-05 20:58:22 +01:00
Matthieu Faou
5a19c46498
Changed academic research to academia - university to align with the sector cluster
2023-12-05 12:25:32 -05:00
Matthieu Faou
d7007fe456
Added 5 sectors to the victim object
2023-12-05 11:50:38 -05:00
Alexandre Dulaunoy
c18a240153
new: [shadowserver-malware-url-report] first version
...
Transposition of the `malware_url` from Shadowserver
2023-11-22 09:20:56 +01:00
Matthijs van P
fd90274503
Merge branch 'MISP:main' into main
2023-11-21 14:03:33 +01:00
Alexandre Dulaunoy
d4b6596a9d
fix: [crowdstrike-report] jq all the things
2023-11-21 08:20:35 +01:00
akshayjain-1
516d5ac668
Update definition.json
...
Changed the file hash attribute type to sha256 from text
2023-11-20 13:54:12 -05:00
akshayjain-1
feeaa600b7
Create definition.json for Crowdstrike report
2023-11-20 12:09:18 -05:00
Matthijs van Polen
f90ff8c3c0
[attack-step] Fixed typo, added multiples.
2023-11-10 15:18:48 +01:00
Christian Studer
8fb566fc60
add: [intrusion-set] Added `first_seen` & `last_seen` attributes
2023-11-09 12:10:52 +01:00
Alexandre Dulaunoy
0e4c819354
Merge pull request #405 from bynt/main
...
new misp-object: c2-list
2023-11-07 21:19:55 +01:00
Christian Studer
d1653d9783
add: [user-account] Added email attribute
2023-10-31 15:49:44 +01:00
Alexandre Dulaunoy
5feb052732
chg: [cs-beacon-config] some updates
2023-10-13 16:29:01 +02:00
Alexandre Dulaunoy
3c2b62d3c3
chg: [cryptocurrency-transaction] fix the UUID
2023-09-28 10:18:32 +02:00
Alexandre Dulaunoy
40323d411e
new: [cryptocurrency-transaction] generic transaction object for any
...
cryptocurrency
2023-09-28 10:14:34 +02:00
Alexandre Dulaunoy
64e37f4bc8
chg: [coin-address] add a generic crypto address if the address format
...
is not known or supported
2023-09-28 10:06:02 +02:00
Martin Waleczek
652f0f7120
reorder elements
2023-09-19 17:05:06 +02:00
Martin Waleczek
aa3bbd44fa
add c2-ip to definition.json
2023-09-19 16:58:06 +02:00
Martin Waleczek
4e10e5501e
add definition.json for c2-list
2023-09-19 16:31:10 +02:00
Christian Studer
bb21ca8350
fix: [ilr-notification-incident] Typo
2023-09-14 16:58:22 +02:00
Alexandre Dulaunoy
0edf925a59
chg: [email] email-body-attachment added
2023-09-11 11:28:39 +02:00
Alexandre Dulaunoy
d32f9b1add
fix: [virustotal-report] bump version
2023-09-01 09:34:08 +02:00
Christian Studer
1ddb03e342
fix: [artifact] Properly JQed the end of file
2023-08-17 14:49:44 +02:00
Christian Studer
9a63309ba4
chg: [artifact] Changed the `hashes` attribute into the different hash type attributes
...
- A change to adopt the same logic as file objects
regarding the different hash values
- In STIX 2.1 an Artifact object is not necessarily
linked to a File object and both referenced by
an Observed Data object. In some cases Artifact
objects are referenced for instance by Malware
objects, in which case they describe the actual
malware sample. It is then usefull to have the
different hash values in single attributes rather
than concatenated in a text attribute
2023-08-16 23:25:32 +02:00
Christian Studer
b87cafc35e
fix: [malware] Fixed `is_family` attribute type
2023-08-10 11:39:44 +02:00
Christian Studer
a9f836f751
Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch
2023-08-10 10:00:47 +02:00
Alexandre Dulaunoy
0037856e60
new: [x-header] new generic X header object for SMTP, HTTP and others
2023-08-07 14:36:24 +02:00
Alexandre Dulaunoy
3d81ef381c
fix: [scan-results] JSON and trailing comma ;-)
2023-08-03 10:47:45 +02:00
Alexandre Dulaunoy
2f5fb87c1a
Merge branch 'main' of https://github.com/mFaou/misp-objects into mFaou-main
2023-08-03 10:46:27 +02:00
Luciano Righetti
800d677af6
Merge pull request #398 from righel/add-sigmf-templates
...
new: add basic SigMF templates
2023-08-03 09:37:27 +02:00
Luciano Righetti
21b06c2f48
fix: jq all the things
2023-08-03 09:30:58 +02:00
Luciano Righetti
17a68d93ae
fix: minor fixes
2023-08-03 08:07:47 +02:00
Luciano Righetti
ac201f475a
new: sigmf archive object
2023-08-03 08:07:33 +02:00
Matthieu Faou
0515870942
Added requiredOneOf to scan-result object definition
2023-08-02 15:35:12 -04:00
Matthieu Faou
56941c6e93
Removed the scan-result field requirement in the scan-result object
2023-08-01 16:33:23 -04:00
Alexandre Dulaunoy
4da05293d7
fix: [malware-config] typo fixed
2023-07-31 11:21:29 +02:00
Alexandre Dulaunoy
fb0ffd5d4b
chg: [malware-config] to add attachment and description of the malware config
2023-07-31 11:17:23 +02:00
Alexandre Dulaunoy
17f71b39bd
chg: [scan-results] jq all the things
2023-07-28 22:25:37 +02:00
Matthieu Faou
5e201f4e0d
removed line break
2023-07-28 15:15:17 -04:00
Matthieu Faou
22477f7bc6
Added internet scanning tools to scan-result
2023-07-28 15:09:25 -04:00
Christian Studer
9486bbbab1
add: [malware] New object template to describe a malware
2023-07-25 16:30:00 +02:00
Christian Studer
5c830087a0
add: [malware-analysis] New object template to describe a static or dynamic analysis performed on a malware instance or family
2023-07-25 15:24:39 +02:00
417190e5c48babc7
ab1f97b881
chg: [ja3s] Add domain and hostname attributes
2023-07-20 10:24:42 +03:00
Alexandre Dulaunoy
0f5cbd49d0
Merge pull request #396 from MISP/chrisr3d_patch
...
New object templates to support new STIX 2.1 Incident extension objects
2023-07-19 08:39:56 +02:00
Steph S
32e21c8806
Fixed json formatting
2023-07-13 09:48:12 -04:00
Steph S
c7bade5c8b
Added a is-malicious attribute for abuseipdb and added a google-safe-browsing object for the google-safe-browsing expansion module
2023-07-13 09:25:26 -04:00
Luciano Righetti
316a4b07d1
new: add fft and waterfall attributes
2023-07-12 15:33:23 +02:00
Luciano Righetti
ba6bad723b
fix: jq all the things
2023-07-11 17:04:18 +02:00
Luciano Righetti
59d2a301b9
new: add basic SigMF templates
2023-07-11 16:54:11 +02:00
Steph S
1374b0c7f0
Added AbuseIPDB object template for the AbuseIPDB expansion module
2023-07-10 15:22:27 -04:00
Alexandre Dulaunoy
e6864eb745
chg: [hhhash] newline fixed
2023-07-10 16:40:22 +02:00
Alexandre Dulaunoy
f7da39c557
new: [hhhassh object] An object describing a HHHash object with the hash value along with the crawling parameters. For more information: https://www.foo.be/2023/07/HTTP-Headers-Hashing_HHHash
2023-07-10 16:38:12 +02:00
Christian Studer
e215a0ff1a
add: [incident] Added the score attribute
...
- We will probably parse scores and build the
attribute value the following way:
"{name} - {description}: {score}"
2023-07-07 11:36:42 +02:00
Christian Studer
ae62d5f9b3
fix: [impacts] Typo
2023-06-22 15:50:54 +02:00
Christian Studer
49a715e1cf
fix: [confidentiality-impact] JQed
2023-06-22 15:41:06 +02:00
Christian Studer
e3556784b5
wip: [task] New object template for tasks as described in STIX 2.1 Incident object extensions
2023-06-22 15:39:02 +02:00
Christian Studer
3c17729f0e
wip: [impacts] New template for different types of impacts as described in STIX 2.1 Incident object extensions
2023-06-22 15:16:48 +02:00
Christian Studer
c5c8f35fb4
wip: [event] New object template to describe events that can happen during an incident
2023-06-22 12:28:47 +02:00
Christian Studer
1a05a9f253
add: [incident] Added the required object relation
2023-06-22 12:28:04 +02:00
Christian Studer
ef04ff8020
add: [incident] Incident object based on the STIX 2.1 Incident object as well as its core extension
2023-06-21 16:32:30 +02:00
Christian Studer
f6d069dc3d
fix: [organization] Fixed missing comma
...
- Managed to improve the description too
2023-06-15 13:51:08 +02:00
Christian Studer
1f3b9312cc
add: [organization] Added the generic `contact_information` and `sector` fields for an organization
2023-06-15 13:27:55 +02:00
Alexandre Dulaunoy
e26541e89e
Merge branch 'main' of github.com:MISP/misp-objects into main
2023-06-14 19:21:37 +02:00
Alexandre Dulaunoy
5d307f7c30
chg: [cookie] cookie can be also only a key or a value
...
This change is required for the AIL project export
2023-06-14 17:36:22 +02:00
Michael Trenker
241f4455ac
ran jq_all_the_things.sh
2023-06-14 11:54:46 +00:00
Michael Trewen
25e1790e74
jq
2023-06-13 19:15:23 +02:00
Michael Trewen
71cc235a5d
new:added Diamond Object
2023-06-13 10:47:28 +02:00
Christian Studer
ec8645f421
add: [crowdsec-ip-context] Added the `false-positives` attribute that comes alongside with the `classifications`
2023-05-26 14:17:10 +02:00
Christian Studer
35285505a1
add: [crowdsec-ip-context] Added the classifications multiple attribute
2023-05-24 16:29:06 +02:00
Alexandre Dulaunoy
61608e5d44
chg: [scan-result] updated list of potential scanning tool
...
Source: https://gist.github.com/SteveClement/baf3a9ae0ba030283ecc30acd6f7c2ae
2023-05-24 11:03:47 +02:00
Alexandre Dulaunoy
20f567757d
chg: [scan-result] jq all the things
2023-05-22 14:08:34 +02:00
Alexandre Dulaunoy
e33e893b44
new: [scan-result] object for scanning result
...
This is the metadata of a scanning result including the raw output of
the scan result.
This objects can be used for tools like Nessus or even source code
scanner to share the details about a scan.
For additional information such IP address or alike, other objects will
be used with the proper relationship added.
2023-05-22 14:04:48 +02:00
goodlandsecurity
4e5719f29a
adding cobalt strike beacon config object
2023-05-19 14:07:24 -05:00
Alexandre Dulaunoy
a605792844
chg: [crowdsec] jq all the things
2023-05-12 10:34:19 +02:00
Alexandre Dulaunoy
b0e5f39f26
Update definition.json
2023-05-12 10:31:33 +02:00
Alexandre Dulaunoy
65f4be51d5
chg: [crowdsec] updated
2023-05-12 08:52:19 +02:00
Alexandre Dulaunoy
3d736c427c
new: [crowdsec-ip-context] new initial object for crowdsec expansion
2023-05-11 16:52:24 +02:00
Alexandre Dulaunoy
fd12a1bcd7
fix: [ai-chat-prompt] improved ai-chat-prompt template
2023-04-16 10:50:30 +02:00
Alexandre Dulaunoy
302697e045
chg: [ai-chat-prompt] ui-priority fixed
2023-04-15 16:38:13 +02:00
Alexandre Dulaunoy
b81698ae10
new: [ai-chat-prompt] new object template for AI chat prompt such as ChatGPT
...
Following a discussion with @aaronkaplan in Vienna, this object is a
first version to describe an AI chat prompt. The template can describe
the model used, the actual quality of results and also what's the actor
context.
Reference #388
2023-04-15 16:31:22 +02:00
Alexandre Dulaunoy
e1327d02bb
new: [risk-assessment-report] New object template Risk assessment report
...
To be used to share risk assessment report from risk assessment platform
such as [MONARC](https://github.com/monarc-project/ ).
This extension is done in the scope of the [NISDUC project](https://www.nisduc.eu/ ).
TODO: Maybe add a field for machine-readable version of the report
2023-04-13 10:41:39 +02:00
Christian Studer
9e4afdfb7a
add: [network-socket] Added MAC address attributes
...
- Even though they are not exactly part of the
socket fields, it could be interesting to have
them to have the information about them like
they are described within the packets that are
sent using the socket
2023-03-31 11:30:33 +02:00
Alexandre Dulaunoy
b49c6824ba
chg: [greynoise-intelligence] JSON fixed
2023-03-10 15:34:32 +01:00
Brad Chiappetta
9b74873fe5
add greynoise-ip object
2023-03-10 09:16:49 -05:00
Christian Studer
1da4760dcc
fix: [network-connection, network-socket] Bytes count if also better with an S
2023-03-07 23:26:51 +01:00
Christian Studer
437808339e
fix: [network-connection, network-socket] Packets count is better with an S
2023-03-07 23:19:08 +01:00
Christian Studer
1cab455a56
fix: [network-socket] Typo
2023-03-07 16:54:30 +01:00
Christian Studer
d71cdf367d
add: [network-socket] Added bytes & packets count object relations for both the source and destination
2023-03-07 16:49:06 +01:00
Christian Studer
1651281d0b
add: [network-socket] Added the first & last packet seen object relation and made the protocol attribute multiple
2023-03-07 16:48:00 +01:00
Christian Studer
57beac3bc7
add: [network-connection] Added bytes & packets count object relations for both the source and destination
2023-03-07 16:45:51 +01:00
Christian Studer
0e9ae98b49
add: [network-connection] Added a `last-packet-seen` attribute
2023-03-06 12:02:24 +01:00
Christian Studer
9c51feb43b
add: [network-connection] Added MAC address attributes
2023-03-03 14:55:09 +01:00
Christian Studer
4b5faf196b
add: [registry-key-value] New template to describe registry key values
...
- The `registry-key` object template includes
already the `data`, `data-type` & `name` fields
of a registry key value, but there is a
limitation in the case of multiple registry key
values
- In order to describe multiple registry key
values, instead of adding a simple `multiple`
field to the related and above mentioned fields,
it is better to use the `registry-key-value`
template so we know which data, data type and
name values are related to a given registry key
value
- It is then possible to have a reference between
the registry key object and the related values
2023-03-01 20:50:30 +01:00
Raphaël Vinot
f579209884
fix: forgot to jq all the things.
2023-03-01 15:13:39 +01:00
Raphaël Vinot
38cfc975b5
fix: [ais] invalid ref name in requirements
2023-02-28 13:14:13 +01:00
Raphaël Vinot
ba80167846
chg: rename AIS -> ais to match the directory name.
2023-02-28 13:10:31 +01:00
Christian Studer
79bf12de68
add: [directory] New object template for directories
2023-02-27 10:56:31 +01:00
Christophe Vandeplas
0c7eb831d8
chg: [AIS] Addition of AIS maritime ship identification and tracking
2023-02-25 18:48:11 +08:00
Christian Studer
892b7ee70f
add: [file] Added creation, modification & access time attributes
2023-02-20 19:31:59 +01:00
Alexandre Dulaunoy
d60112ee66
new: [ransomware-group-post] First draft object for ransomlook.io
2023-02-17 10:33:59 +01:00
Alexandre Dulaunoy
13f173a3ce
fix: [victim] format fixed
2023-02-02 10:58:30 +01:00
Alexandre Dulaunoy
89010c466c
Merge pull request #383 from nyx0/main
...
[victim] add information and cultural industries sector
2023-02-02 10:57:08 +01:00
Alexandre Dulaunoy
cd27802aab
fix: [objects description] ref #384 - Grammar fixes included in the JSON files.
2023-02-02 10:51:32 +01:00
Thomas Dupuy
9b56d1f427
fix: [victim] replace tab with spaces
2023-02-01 16:56:32 +00:00
Thomas Dupuy
92ed5d48ad
new: [victim] add information and cultural industries sector
2023-02-01 16:48:01 +00:00
Thomas Dupuy
bd168c639a
chg: [victim] sort sectors
2023-02-01 16:40:24 +00:00
Alexandre Dulaunoy
fa39a64dc4
chg: [transport-ticket] update to add the type of ticket (e.g. boarding pass versus ticket)
2023-01-27 15:55:08 +01:00
Alexandre Dulaunoy
5a45977e23
fix: [transport-ticket] JSON orders
2023-01-27 15:33:22 +01:00
Alexandre Dulaunoy
81214acbbe
new: [transport-ticket] new object template to describe a transport ticket
...
Credits for the idea: Maxime Benoit
2023-01-27 15:30:32 +01:00
David Cruciani
350c9b07cf
chg: [typosquatting] jq_all_the_things
2023-01-16 08:45:20 +01:00
David Cruciani
7518752dff
add: [object] typosquatting-finder
2023-01-16 07:48:03 +01:00
Alexandre Dulaunoy
5cb7e98e20
fix: [victim] jq run
2023-01-06 15:08:28 +01:00
Thomas Dupuy
9e9540524d
new: Add legal sector.
2023-01-04 17:10:18 +00:00
Alexandre Dulaunoy
322cbaa21e
fix: [vehicle] jq all the things
2022-12-30 07:37:54 +01:00
Andras Iklody
3e8730cc1f
fix: [language] Turning french fries into freedom fries
2022-12-23 08:59:16 +01:00
Alexandre Dulaunoy
a3263d72d6
fix: [jq] all
2022-12-22 13:15:10 +01:00
Alexandre Dulaunoy
c52481cac1
fix: [thaicert-group-cards] name is singular has a single value which
...
can be multiple
2022-12-22 13:12:05 +01:00
Alexandre Dulaunoy
2b65dedb4d
fix: [objects] jq all the things
2022-12-22 13:10:03 +01:00
Alexandre Dulaunoy
83930e211f
chg: [groups->thaicert-group-cards] to make it more logical
2022-12-22 13:08:34 +01:00
Alexandre Dulaunoy
b9c512a71b
fix: [jq] JSON fixed
2022-12-15 14:39:52 +01:00
th3r3d
56c6b9148c
Create definition
...
Faked persnona template inspired by MITRE
2022-12-12 19:03:29 +01:00
th3r3d
5ff1dff7b0
Create definition in groups
...
Inspired by threat actor group cards
2022-12-12 19:02:23 +01:00
th3r3d
262e2bee90
Created definition for ADS
...
For ADS framework - create
2022-12-12 19:01:23 +01:00
Alexandre Dulaunoy
858e485263
fix: [mactim-timeline-analysis] invalid UUID fixed
2022-12-11 13:03:18 +01:00
Alexandre Dulaunoy
d491cde4b1
fix: [fail2ban] incorrect UUID fixed
2022-12-11 12:54:24 +01:00
Alexandre Dulaunoy
2787dc45d7
fix: [person] add a missing passport-creation date field.
2022-11-19 12:21:16 +01:00
Christian Studer
b877eb0815
add: [exploit] Added `description` and `title` attributes
2022-10-23 23:11:48 +02:00
Delta-Sierra
e7b9a8e7cf
add username field in telegram-bot object
2022-10-13 13:45:52 +02:00
Alexandre Dulaunoy
82c699cc5f
new: [telegram-bot] new object to describe Telegram bots
2022-10-13 10:32:58 +02:00
Alexandre Dulaunoy
06df368890
new: [intrusion-set] based on the STIX 2.1 definition
...
TODO - "Open Vocabularies" - value versus description.
2022-09-29 07:32:52 +02:00